The issue: using MS Access 2010 to compile a digitally signed 2002/2003 format mdb to an mde file results in the certificate not being recognised when than mde is subsequently opened.
To replicate this issue:
Step 1
(I did this on a Windows 7 computer - because that's where I have Access 2003 installed).
In Access 2003 create a 2002/2003 format mdb file.
Create one form and give it a Close button which has DoCmd.Quit in VBA behind the button.
Create AutoExec macro to open the form.
Open VBA window and attach digital certificate.
Compile it to an mde file.
The following steps were done on a Windows 8 computer (because that's where I have Access 2010 installed).
Step 2
Open the above mde file (from a folder which is NOT a Trusted Location) in Access 2010 and let AutoExec run.
The Security Notice is displayed - with a button giving an option to trust the publisher. Click this button.
The mde file opens and can be used.
Close the mde file.
Again open the mde file with Access 2010 and let AutoExec run. The digital certificate has been lodged so this time the Security Notice is not displayed.
Step 3
Open the same mdb file with Access 2010 (or create a new 2002/2003 format mdb file).
(From this point I'll refer to this as Mdb2 in case you created a new file).
Confirm that the certificate is still attached (or attach it if you've created a new mdb file).
Compile it to an mde file. (I'll refer to this as Mde2).
Step 4
Open Mde2 (from a folder which is NOT a Trusted Location) in Access 2010 and let AutoExec run.
Irrespective of whether the Trusted Publisher setting (created at Step 2) exists, the Security Notice is displayed and it has no option to trust the publisher.
i.e. It appears that the presence of a digital certificate has not been recognised.
Step 5
Set the folder which holds Mde2 as a Trusted Location under Access 2010.
Open Mde2 under Access 2010 and let AutoExec run.
The Security Notice is NOT displayed.
Step 6
Open Mdb2 under Access2010 (bypassing AutoExec).
With the VBA window open remove the digital certificate.
Compile the mdb to an mde (in the same folder as Mde2). I'll refer to this as Mde3.
Note that the folder is still set as a Trusted Location.
Open Mde3 under Access 2010 and let AutoExec run.
The Security Notice is NOT displayed.
i.e. The fact that the folder is a Trusted Location was sufficient to prevent the Security Notice being displayed. It was not necessary to also have a digital certificate.
---------------------
This Microsoft website clearly indicates that MS Access 2010 can be used to apply a digital certificate to an mdb file via the option under Tools in the VBA window (which is exactly what I've been doing):
http://office.microsoft.com/en-au/ac...010342008.aspx
(Scroll down to the section headed "Digitally sign an earlier version database" .. and the "Code sign a database" section which follows).
My testing above demonstrates that, when opening an mde in Access 2010:
1. If a certificate is recognised (because the mde was created in Access 2003), and a setting exists to say the publisher is trusted, then NO Security Notice gets displayed.
2. If there is NO certificate, or if the certificate is not recognised (because the mde was created in Access 2010), but a setting exists to say that the folder holding the mde is a Trusted Location, then NO Security Notice gets displayed.
---------------------
Why do I think there's a bug?
1. I've been successfully digitally signing mdbs and deploying mdes using MS Access 2003.
2. If the mde is created with Access 2003 the certificate is recognised when the mde is opened in Access 2010.
3. The Microsoft website confirms that I'm following the correct procedure to digitally sign an mdb file using MS Access 2010.
4. If MS Access 2010 is used to compile a digitally signed 2002/2003 format mdb to an mde file the certificate is not recognised when than mde is subsequently opened.
The only other possibility I can think of is that there is an issue with the digital certificate. But, if that was the case, surely Access 2010 would object at the time the certificate is attached.
---------------------
3 Oct 2013 .. Additional information:
I have now, on Windows 7 computer:
- Installed Access 2010.
- Opened the 2002/2003 format mdb file in Access 2010.
- Assigned the certificate to the mdb.
- Compiled the mdb to mde.
- Opened the mde (and allowed AutoExec to run) .. and I get the same Security Notice with NO option to trust the publisher.
I also opened the above mde (created on the Win 7 computer) under Access 2010 on the Win 8 computer .. and again I get the same Security Notice with NO option to trust the publisher.
So the issue has nothing to do with the version of Windows that Access 2010 is installed on.
Which brings us back to:
- Is it a problem with Access 2010 itself?
- Is it a problem with the certificate when used under Access 2010?
The certificate is one issued by a certification authority. (i.e. it is not self issued).